The world of electronic commerce has created new challenges to establishing relationships between contracting parties. One of those challenges springs from the fact that the parties to the transaction cannot see or hear each other, and cannot otherwise easily confirm each other's identity and authority to act.
One remedy for this problem is to provide each contracting party with a private key for signing transmitted messages. The signing party makes available an associated public key that decrypts messages signed with the party's private key, and thus enables a receiving party to confirm the identity of the sender.
But the sender's public key may not be known a priori to the recipient. In that event, the sender may transmit with its signed message a digital certificate issued by a certificate authority. The certificate is itself a signed electronic document (signed with the private key of the certificate authority) certifying that a particular public key is the public key of the sender.
In some cases, the recipient may be unfamiliar with the public key of the certificate authority or may not know whether the certificate is still valid. In that event, the recipient may wish to check the authenticity and validity of the certificate with an entity that it trusts. One known protocol for checking certificate status is the on-line certificate status protocol (OCSP).
Another challenge facing electronic commerce relates to payments and the establishment of payment systems. In some cases, purchasers pay for goods purchased over the Internet by transmitting a credit card number to a merchant. Security risks and other drawbacks associated with this practice make it undesirable even for business-to-consumer transactions, and unacceptable for most business-to-business ones.
Several electronic payment systems have also been proposed, including ones that employ digital certificates to authenticate the identity of a payor. These systems, however, do not provide the array of payment instruments required for modern electronic commerce, especially business-to-business electronic commerce, and often fail to provide an adequate infrastructure to securely and verifiably effect electronic payments.